We performed a comparison between Intercept X Endpoint and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The integration with other Microsoft solutions is the most valuable feature."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The most valuable feature is the network security."
"The threat intelligence is excellent."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The most valuable feature is the anti-ransomware capability. It's been helpful because we have been seeing a lot of information around what the ransomware hit."
"The base product and the anti-malware feature are most valuable."
"The pricing is fair. It's not too costly for our small organization."
"The key factor that attracted me to Sophos Intercept X was the multi-platform. I have multiple clients that have mixed environments of Mac and Windows. I am able to deliver a standard solution, regardless of the platform."
"The solution is overall quite good, the services are performing well. It is very good for those who are using standard PC configurations. It does not block their system up by taking up a lot of resources."
"Offers artificial intelligence, security metrics and a lot of information gathered to make decisions."
"This product integrates well with Sophos firewalls and should be seriously considered by Sophos Firewall clients."
"The most valuable feature is the CryptoGuard in Sophos. In a case of a ransomware attack, this feature comes into action to protect us."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"I like that the solution is on top of the Kubernetes stack."
"It is a stable solution."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"The product is easy to customize."
"It has efficient SCA capabilities."
"The main thing I like about it is that it has an EDR."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"There could be a way to proactively monitor unusual activity."
"The logs could be better."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The support team is not competent or responsive."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we are waiting for that feature."
"Features that should be improved in the upgrade involve the excessive consumption of the solution's processor, RAM and resources."
"The tool is not stable on Linux systems."
"Sophos Intercept X could improve on its setup process. They could make it easier to have a baseline set up for the system, or at least provide more understanding of what the baseline is when you first install it. This could be a matter of lack of training on my part, but it's difficult to receive training on solutions that are not Cisco. Cisco is the only vendor with classes or courses."
"The choices offered for the on-premises and cloud-based platforms are the reverse of each other."
"When I use a proxy, I can bypass Sophos, which is an area that needs improvement."
"The ADR functionalities feel like they aren't mature enough. It hasn't been a long time since Sophos has offered reproduction. Due to the fact that it's so young, it has fewer functionalities than other and more mature ADR solutions."
"The graphical interface could improve. Additionally, adding less expensive mobile device support would be helpful. Other solutions have this feature."
"The integration has room for improvement, especially with Mac OS."
"While it is scalable, it can suffer from reduced latencies."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"The computing resources are consuming and do not make sense."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Wazuh is missing many things that a typical SIEM should have."
"A lack of certain features creates limitations."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
Intercept X Endpoint is ranked 8th in Extended Detection and Response (XDR) with 101 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Intercept X Endpoint is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Intercept X Endpoint writes "A standard offering with good threat analysis but reduces machine performance". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Intercept X Endpoint is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Kaspersky Endpoint Security for Business, SentinelOne Singularity Complete and Panda Adaptive Defense 360, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.